Export limit exceeded: 359576 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359576 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25464 | 2 Tielabs, Wordpress | 2 Jannah, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.4. | ||||
| CVE-2026-27044 | 2 Totalsuite, Wordpress | 2 Total Poll Lite, Wordpress | 2026-04-24 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through <= 4.12.0. | ||||
| CVE-2026-27046 | 2 Kaira, Wordpress | 2 Storecustomizer, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StoreCustomizer: from n/a through <= 2.6.3. | ||||
| CVE-2026-27047 | 2 Mikado-themes, Wordpress | 2 Curly, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly Core curly-core allows PHP Local File Inclusion.This issue affects Curly Core: from n/a through <= 2.1.6. | ||||
| CVE-2026-27075 | 2 Mikado-themes, Wordpress | 2 Belfort, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through <= 1.0. | ||||
| CVE-2026-27077 | 2 Mikado-themes, Wordpress | 2 Multioffice, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through <= 1.2. | ||||
| CVE-2026-27078 | 2 Mikado-themes, Wordpress | 2 Emaurri, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from n/a through <= 1.0.1. | ||||
| CVE-2026-27082 | 2 Themerex, Wordpress | 2 Love Story, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue affects Love Story: from n/a through <= 1.3.12. | ||||
| CVE-2026-27083 | 2 Themerex, Wordpress | 2 Work & Travel Company, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through <= 1.2. | ||||
| CVE-2026-27088 | 2 G5theme, Wordpress | 2 Darna Framework, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Darna Framework darna-framework allows Reflected XSS.This issue affects Darna Framework: from n/a through <= 2.9. | ||||
| CVE-2026-25377 | 2 Eyecix, Wordpress | 2 Addon Jobsearch Chat, Wordpress | 2026-04-24 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.This issue affects Addon Jobsearch Chat: from n/a through <= 3.0. | ||||
| CVE-2026-25390 | 2 Saad Iqbal, Wordpress | 2 New User Approve, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.3. | ||||
| CVE-2026-25401 | 2 Arni Cinco, Wordpress | 2 Wpcargo Track & Trace, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2. | ||||
| CVE-2026-4331 | 2 Pr-gateway, Wordpress | 2 Blog2social: Social Media Auto Post & Scheduler, Wordpress | 2026-04-24 | 4.3 Medium |
| The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags() function only verifying that the user has the 'read' capability and a valid b2s_security_nonce, both of which are available to Subscriber-level users, as the plugin grants 'blog2social_access' capability to all roles upon activation, allowing them to access the plugin's admin pages where the nonce is output. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all _b2s_post_meta records from the wp_postmeta table, permanently removing all custom social media meta tags for every post on the site. | ||||
| CVE-2026-31920 | 2 Devteam Haywoodtech, Wordpress | 2 Product Rearrange For Woocommerce, Wordpress | 2026-04-24 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Blind SQL Injection.This issue affects Product Rearrange for WooCommerce: from n/a through <= 1.2.2. | ||||
| CVE-2026-25455 | 2 Pickplugins, Wordpress | 2 Product Slider For Woocommerce, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.61. | ||||
| CVE-2026-32489 | 2 Bplugins, Wordpress | 2 B Blocks, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30. | ||||
| CVE-2026-32491 | 2 Jgwhite33, Wordpress | 2 Wp Review Slider, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Slider: from n/a through <= 13.9. | ||||
| CVE-2026-32494 | 2 Ays-pro, Wordpress | 2 Image Slider, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through <= 2.7.1. | ||||
| CVE-2026-32495 | 2 Linksoftwarellc, Wordpress | 2 Wp Terms Popup, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through <= 2.10.0. | ||||